Sciweavers

WORM
2003

Detection of injected, dynamically generated, and obfuscated malicious code

13 years 5 months ago
Detection of injected, dynamically generated, and obfuscated malicious code
This paper presents DOME, a host-based technique for detecting several general classes of malicious code in software executables. DOME uses static analysis to identify the locations (virtual addresses) of system calls within the software executables, and then monitors the executables at runtime to verify that every observed system call is made from a location identified using static analysis. The power of this technique is that it is simple, practical, applicable to real-world software, and highly effective against injected, dynamically generated, and obfuscated malicious code. Categories and Subject Descriptors D.2.4 [Software Engineering]: Software/Program Verification – Model checking; D.4.6 [Operating Systems]: Security and Protection – Invasive software (e.g., viruses, worms, Trojan horses), Authentication; K.6.5 [Management Of Computing And Information Systems]: Security and Protection – Invasive software (e.g., viruses, worms, Trojan horses), Authentication. General Terms...
Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandow
Added 01 Nov 2010
Updated 01 Nov 2010
Type Conference
Year 2003
Where WORM
Authors Jesse C. Rabek, Roger I. Khazan, Scott M. Lewandowski, Robert K. Cunningham
Comments (0)